Korean
Blog
North Korean hackers use new macOS malware against crypto firms
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel persistence mechanism on macOS that…
Undercover North Korean IT workers now steal data, extort employers
North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization’s network and asking for a ransom to not leak it. Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to…
North Korean hackers exploit Chrome zero-day to deploy rootkit
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. “We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said on Friday, attributing the attacks…
South Korean hackers exploited WPS Office zero-day to deploy malware
The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, tracked…
North Korean insider attacks are skyrocketing – dozens of US firms didn’t spot the hacker in their midst
Over 100 organizations have been targeted by North Korean hackers posing as legitimate IT workers to steal money and exfiltrate sensitive information, new research reveals. The threat campaign, operated by a group tracked as FAMOUS CHOLLIMA, involves posing as a locally-based IT technician or software developer, using stolen identities and deepfake technology to pass background checks. In its 2024 Threat…
US citizen charged with aiding North Korean hackers moonlighting as tech workers
The US Department of Justice (DoJ) has charged a Nashville resident with helping North Korean hackers gain positions at US and UK tech companies. Matthew Isaac Knoot, 38, is accused of being responsible for the US side of a campaign to get threat actors positions at prominent firms in a bid to steal information and extort ransoms. Knoot was charged on…